DNS settings for a W2008 server - small network

Introduction

We assume the design is as follows:
- internal domain name like yourcompany.local
- internal IP addresses like: 192.168.1.x (can be any private class C)
- internet connection is made through a router with firewall & NAT, therefore you have an external, public IP from your ISP and you are using the range 192.168.1.x as described above. It's easiest to have IP 192.168.1.1 on the internal interface of your router.
Important:
- in order to have reliable access from workstations to the server, the DNS setup also has to provide a reliable mapping from workstation names to their IP addresses and the reverse, from their IP addresses to their names.
- this can be achieved with a static design (static IP addresses), or by using the DHCP server role on the W2008 server with static reservations for each MAC address of the workstations & printers. It's advisable to use the simplest way, static IP addresses, and not get tangled up in DHCP, which can run into trouble in case of a MAC address change (or mistyping), delayed registration of the IP into DNS and so on.

Steps (2 total)

Step 1: server

1.1. IP address 192.168.1.254/255.255.255.0, default gateway 192.168.1.254, "register this connection's addresses in DNS" checked, "append primary and connection specific DNS suffixes" checked but "append parent suffixes" unchecked. IPv6 disabled and the DHCP Client service running (automatic start) - this is required for self-registration in DNS.
1.2. Run dcpromo and confirm that you also want the DNS server role installed and configured. dcpromo will get things working.
1.3. After dcpromo, check in the DNS console that:
- you have a primary AD-integrated forward zone for your internal domain
- you have a primary AD-integrated reverse zone for your IP class (1.168.192.in-addr.arpa). If not, create one
- your server forwards queries to your ISP's DNS servers; if nothing is there, fill in their IP addresses. You can also enable root hints in case the forwarders do not respond
- the properties of the server's network connection list the server itself (127.0.0.1) as DNS server; you can verify with ipconfig /all
- you have internet access from the server
- do the other stuff regarding shares and users for your AD domain
1.4. Just to remember: you should disable IPv6, as it will not help you at all.
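A script to verify the checks in step 1.3 after dcpromo, added here as an example and not part of the original post. It assumes the design above (yourcompany.local, 192.168.1.x, server at .254), that dnscmd.exe is present on the server, and that the $Hosts table is edited to list your own workstations.

```powershell
# Added example: verifies the step 1.3 checks on the W2008 DNS server.
# Assumes the design above; zone names and addresses are placeholders.
$Domain  = "yourcompany.local"
$Reverse = "1.168.192.in-addr.arpa"
# Constructed sample of names that must map forward and back; edit for your site.
$Hosts   = @{ "server" = "192.168.1.254"; "pc01" = "192.168.1.10" }

# 1. Both zones must exist. dnscmd /EnumZones prints one zone per line,
#    zone name first (assumed output layout).
$zones = dnscmd /EnumZones
foreach ($z in @($Domain, $Reverse)) {
    if ($zones -match ("^\s*" + [regex]::Escape($z) + "\s")) {
        Write-Host "OK   zone present: $z"
    } else {
        Write-Host "FAIL zone missing: $z  (create with: dnscmd /ZoneAdd $z /DsPrimary)"
    }
}

# 2. Name -> IP -> name must round-trip for every host; if it does not,
#    workstation access and log attribution by reverse lookup become unreliable.
foreach ($name in $Hosts.Keys) {
    $fqdn = "$name.$Domain"
    $want = $Hosts[$name]
    try {
        $ip  = [System.Net.Dns]::GetHostAddresses($fqdn) | Select-Object -First 1
        $ptr = [System.Net.Dns]::GetHostEntry($ip).HostName
        if ($ip.IPAddressToString -eq $want -and $ptr -ieq $fqdn) {
            Write-Host "OK   $fqdn <-> $want"
        } else {
            Write-Host "FAIL $fqdn resolves to $ip, PTR says $ptr (expected $want)"
        }
    } catch {
        Write-Host "FAIL $fqdn : $($_.Exception.Message)"
    }
}

# 3. The server's own DNS client must point at itself (127.0.0.1).
$dnsLines = ipconfig /all | Select-String "DNS Servers"
if ($dnsLines -match "127\.0\.0\.1") {
    Write-Host "OK   server uses itself as DNS"
} else {
    Write-Host "FAIL server DNS client does not list 127.0.0.1"
}
```

Run it from an elevated PowerShell prompt on the server; a FAIL on the round-trip check usually means a stale or missing PTR record in the reverse zone.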

A vendor claims Cisco's hardware routers would outperform Sophos firewalls as gateway devices. Each vendor claims their stuff is superior. What do you think, is the hardware advantage enough to overcome the extra hop/processing cost?